[Samba] Fwd: About samba 3.0.28 trust AD
Jonathan Buzzard
jonathan at buzzard.me.uk
Sun Jul 28 23:41:12 MDT 2013
On 29/07/13 00:48, Nico Kadel-Garcia wrote:
> On Sun, Jul 28, 2013 at 5:39 PM, Marc Muehlfeld<samba at marc-muehlfeld.de> wrote:
>> Hello,
>>
>> Am 06.07.2013 15:26, schrieb Wong siu yu:
>>
>>> I had a RedHat 5.2 need to trust domain the Windows Server 2008 R2 (forest
>>> level 2003).
>>> Which package I need to install first? I am using samba-3.0.28 but I have
>>> no samba-winbind.
>>> May I know procedures of trust setting in Linux?
>>
>>
>> Please have a look here first:
>>
>> http://wiki.samba.org/index.php/FAQ#How_to_do_or_fix_..._in_an_outdated_Samba_version.3F
>
> Red Hat 5.2 (which is amazingly old now), or RHEL 5.2 (which is only 5
> years old)? If RHEL 5.2, you should at least remove the samba-*
> packages and replace them with the samba3x-* packages, which include
> samba3x-winbind and are version 3.6.6, instead of the much older
> samba-3.0.33 which is the last update from a licensed RHEL host.
>
That requires something much more recent than RHEL5.2. As I recall
samba3x first came with RHEL 5.6
> If your RHEL license has expired, you can also consider using the
> CentOS or Scientific Linux versions of the package.
He needs to do more than that. The version of RHEL he is running has
more than one remote root exploit, with Samba being one of them. Just
replacing the Samba packages with something more recent is insufficient
to secure that machine. As a matter of some urgency the box should be
upgraded to latest, and if the RHEL license has expired then "switched"
to CentOS/Scientific Linux. Personally my choice is CentOS because a
range of third part software e.g. all the Dell firmware updates
recognize CentOS and work where they consider Scientific Linux as
unsupported without fiddling with things.
JAB.
--
Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.
More information about the samba
mailing list